Feature/addruletype to sigma rule#230 (#235)

* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231

rules/sigma/process_access/sysmon_cmstp_execution_by_access.yml

@@ -35,3 +35,4 @@ tags:
 - attack.g0069
 - attack.g0080
 - car.2019-04-001
+ruletype: SIGMA

rules/sigma/process_access/sysmon_cobaltstrike_bof_injection_pattern.yml

@@ -30,3 +30,4 @@ tags:
 - attack.t1106
 - attack.defense_evasion
 - attack.t1562.001
+ruletype: SIGMA

rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml

@@ -76,3 +76,4 @@ tags:
 - attack.t1003
 - attack.s0002
 - car.2019-04-004
+ruletype: SIGMA

rules/sigma/process_access/sysmon_direct_syscall_ntopenprocess.yml

@@ -23,3 +23,4 @@ status: experimental
 tags:
 - attack.execution
 - attack.t1106
+ruletype: SIGMA

rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml

@@ -77,3 +77,4 @@ tags:
 - attack.t1055.001
 - attack.t1055.002
 - attack.t1055
+ruletype: SIGMA

rules/sigma/process_access/sysmon_invoke_phantom.yml

@@ -30,3 +30,4 @@ tags:
 - attack.defense_evasion
 - attack.t1562.002
 - attack.t1089
+ruletype: SIGMA

rules/sigma/process_access/sysmon_lazagne_cred_dump_lsass_access.yml

@@ -34,3 +34,4 @@ tags:
 - attack.credential_access
 - attack.t1003.001
 - attack.s0349
+ruletype: SIGMA

rules/sigma/process_access/sysmon_littlecorporal_generated_maldoc.yml

@@ -27,3 +27,4 @@ tags:
 - attack.execution
 - attack.t1204.002
 - attack.t1055.003
+ruletype: SIGMA

rules/sigma/process_access/sysmon_load_undocumented_autoelevated_com_interface.yml

@@ -30,3 +30,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1548.002
+ruletype: SIGMA

rules/sigma/process_access/sysmon_lsass_dump_comsvcs_dll.yml

@@ -29,3 +29,4 @@ status: experimental
 tags:
 - attack.credential_access
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/process_access/sysmon_lsass_memdump.yml

@@ -32,3 +32,4 @@ tags:
 - attack.t1003.001
 - attack.t1003
 - attack.s0002
+ruletype: SIGMA

rules/sigma/process_access/sysmon_malware_verclsid_shellcode.yml

@@ -38,3 +38,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1055
+ruletype: SIGMA

rules/sigma/process_access/sysmon_mimikatz_trough_winrm.yml

@@ -34,3 +34,4 @@ tags:
 - attack.t1021.006
 - attack.t1028
 - attack.s0002
+ruletype: SIGMA

rules/sigma/process_access/sysmon_pypykatz_cred_dump_lsass_access.yml

@@ -35,3 +35,4 @@ status: experimental
 tags:
 - attack.credential_access
 - attack.t1003.001
+ruletype: SIGMA

rules/sigma/process_access/sysmon_svchost_cred_dump.yml

@@ -26,3 +26,4 @@ logsource:
 status: experimental
 tags:
 - attack.t1548
+ruletype: SIGMA

rules/sigma/process_access/sysmon_uac_bypass_wow64_logger.yml

@@ -28,3 +28,4 @@ tags:
 - attack.defense_evasion
 - attack.privilege_escalation
 - attack.t1548.002
+ruletype: SIGMA

rules/sigma/process_access/win_susp_shell_spawn_from_winrm.yml

@@ -33,3 +33,4 @@ tags:
 - attack.initial_access
 - attack.persistence
 - attack.privilege_escalation
+ruletype: SIGMA